1 // SPDX-License-Identifier: GPL-2.0
3 * Copyright © 2016 Intel Corporation
6 * Scott Bauer <scott.bauer@intel.com>
7 * Rafael Antognolli <rafael.antognolli@intel.com>
10 #define pr_fmt(fmt) KBUILD_MODNAME ":OPAL: " fmt
12 #include <linux/delay.h>
13 #include <linux/device.h>
14 #include <linux/kernel.h>
15 #include <linux/list.h>
16 #include <linux/blkdev.h>
17 #include <linux/slab.h>
18 #include <linux/uaccess.h>
19 #include <uapi/linux/sed-opal.h>
20 #include <linux/sed-opal.h>
21 #include <linux/sed-opal-key.h>
22 #include <linux/string.h>
23 #include <linux/kdev_t.h>
24 #include <linux/key.h>
25 #include <linux/key-type.h>
26 #include <keys/user-type.h>
28 #include "opal_proto.h"
30 #define IO_BUFFER_LENGTH 2048
33 /* Number of bytes needed by cmd_finalize. */
34 #define CMD_FINALIZE_BYTES_NEEDED 7
36 static struct key *sed_opal_keyring;
39 int (*fn)(struct opal_dev *dev, void *data);
42 typedef int (cont_fn)(struct opal_dev *dev);
44 enum opal_atom_width {
53 * On the parsed response, we don't store again the toks that are already
54 * stored in the response buffer. Instead, for each token, we just store a
55 * pointer to the position in the buffer where the token starts, and the size
56 * of the token in bytes.
58 struct opal_resp_tok {
61 enum opal_response_token type;
62 enum opal_atom_width width;
70 * From the response header it's not possible to know how many tokens there are
71 * on the payload. So we hardcode that the maximum will be MAX_TOKS, and later
72 * if we start dealing with messages that have more than that, we can increase
73 * this number. This is done to avoid having to make two passes through the
74 * response, the first one counting how many tokens we have and the second one
75 * actually storing the positions.
79 struct opal_resp_tok toks[MAX_TOKS];
86 sec_send_recv *send_recv;
88 struct mutex dev_lock;
92 u64 align; /* alignment granularity */
94 u32 logical_block_size;
95 u8 align_required; /* ALIGN: 0 or 1 */
101 struct parsed_resp parsed;
105 struct list_head unlk_lst;
109 static const u8 opaluid[][OPAL_UID_LENGTH] = {
112 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff },
114 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 },
116 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x01 },
117 [OPAL_LOCKINGSP_UID] =
118 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x00, 0x00, 0x02 },
119 [OPAL_ENTERPRISE_LOCKINGSP_UID] =
120 { 0x00, 0x00, 0x02, 0x05, 0x00, 0x01, 0x00, 0x01 },
122 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x01 },
124 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x06 },
126 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0x00, 0x01 },
128 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x01 },
130 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x03, 0x00, 0x02 },
132 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x01, 0xff, 0x01 },
133 [OPAL_ENTERPRISE_BANDMASTER0_UID] =
134 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x80, 0x01 },
135 [OPAL_ENTERPRISE_ERASEMASTER_UID] =
136 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x84, 0x01 },
140 { 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01 },
141 [OPAL_LOCKINGRANGE_GLOBAL] =
142 { 0x00, 0x00, 0x08, 0x02, 0x00, 0x00, 0x00, 0x01 },
143 [OPAL_LOCKINGRANGE_ACE_START_TO_KEY] =
144 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xD0, 0x01 },
145 [OPAL_LOCKINGRANGE_ACE_RDLOCKED] =
146 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE0, 0x01 },
147 [OPAL_LOCKINGRANGE_ACE_WRLOCKED] =
148 { 0x00, 0x00, 0x00, 0x08, 0x00, 0x03, 0xE8, 0x01 },
150 { 0x00, 0x00, 0x08, 0x03, 0x00, 0x00, 0x00, 0x01 },
152 { 0x00, 0x00, 0x08, 0x04, 0x00, 0x00, 0x00, 0x00 },
153 [OPAL_AUTHORITY_TABLE] =
154 { 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x00},
156 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x00},
157 [OPAL_LOCKING_INFO_TABLE] =
158 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x01 },
159 [OPAL_ENTERPRISE_LOCKING_INFO_TABLE] =
160 { 0x00, 0x00, 0x08, 0x01, 0x00, 0x00, 0x00, 0x00 },
162 { 0x00, 0x00, 0x10, 0x01, 0x00, 0x00, 0x00, 0x00 },
164 /* C_PIN_TABLE object ID's */
166 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x84, 0x02},
168 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x00, 0x00, 0x01},
169 [OPAL_C_PIN_ADMIN1] =
170 { 0x00, 0x00, 0x00, 0x0B, 0x00, 0x01, 0x00, 0x01},
172 /* half UID's (only first 4 bytes used) */
173 [OPAL_HALF_UID_AUTHORITY_OBJ_REF] =
174 { 0x00, 0x00, 0x0C, 0x05, 0xff, 0xff, 0xff, 0xff },
175 [OPAL_HALF_UID_BOOLEAN_ACE] =
176 { 0x00, 0x00, 0x04, 0x0E, 0xff, 0xff, 0xff, 0xff },
178 /* special value for omitted optional parameter */
180 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff},
184 * TCG Storage SSC Methods.
185 * Derived from: TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
186 * Section: 6.3 Assigned UIDs
188 static const u8 opalmethod[][OPAL_METHOD_LENGTH] = {
190 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x01 },
191 [OPAL_STARTSESSION] =
192 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xff, 0x02 },
194 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x02 },
196 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x02, 0x03 },
198 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x06 },
200 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x07 },
202 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x08 },
203 [OPAL_EAUTHENTICATE] =
204 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0c },
206 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x0d },
208 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x10 },
210 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x11 },
212 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x16 },
214 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x17 },
215 [OPAL_AUTHENTICATE] =
216 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x1c },
218 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x06, 0x01 },
220 { 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x08, 0x03 },
223 static int end_opal_session_error(struct opal_dev *dev);
224 static int opal_discovery0_step(struct opal_dev *dev);
226 struct opal_suspend_data {
227 struct opal_lock_unlock unlk;
229 struct list_head node;
234 * TCG_Storage_Architecture_Core_Spec_v2.01_r1.00
235 * Section: 5.1.5 Method Status Codes
237 static const char * const opal_errors[] = {
245 "No Sessions Available",
246 "Uniqueness Conflict",
247 "Insufficient Space",
254 "Transaction Failure",
256 "Authority Locked Out",
259 static const char *opal_error_to_human(int error)
264 if (error >= ARRAY_SIZE(opal_errors) || error < 0)
265 return "Unknown Error";
267 return opal_errors[error];
270 static void print_buffer(const u8 *ptr, u32 length)
273 print_hex_dump_bytes("OPAL: ", DUMP_PREFIX_OFFSET, ptr, length);
279 * Allocate/update a SED Opal key and add it to the SED Opal keyring.
281 static int update_sed_opal_key(const char *desc, u_char *key_data, int keylen)
285 if (!sed_opal_keyring)
288 kr = key_create_or_update(make_key_ref(sed_opal_keyring, true), "user",
289 desc, (const void *)key_data, keylen,
290 KEY_USR_VIEW | KEY_USR_SEARCH | KEY_USR_WRITE,
291 KEY_ALLOC_NOT_IN_QUOTA | KEY_ALLOC_BUILT_IN |
292 KEY_ALLOC_BYPASS_RESTRICTION);
294 pr_err("Error adding SED key (%ld)\n", PTR_ERR(kr));
302 * Read a SED Opal key from the SED Opal keyring.
304 static int read_sed_opal_key(const char *key_name, u_char *buffer, int buflen)
310 if (!sed_opal_keyring)
313 kref = keyring_search(make_key_ref(sed_opal_keyring, true),
314 &key_type_user, key_name, true);
319 key = key_ref_to_ptr(kref);
320 down_read(&key->sem);
321 ret = key_validate(key);
323 if (buflen > key->datalen)
324 buflen = key->datalen;
326 ret = key->type->read(key, (char *)buffer, buflen);
335 static int opal_get_key(struct opal_dev *dev, struct opal_key *key)
339 switch (key->key_type) {
341 /* the key is ready to use */
344 /* the key is in the keyring */
345 ret = read_sed_opal_key(OPAL_AUTH_KEY, key->key, OPAL_KEY_MAX);
352 key->key_type = OPAL_INCLUDED;
362 /* must have a PEK by now or it's an error */
363 if (key->key_type != OPAL_INCLUDED || key->key_len == 0) {
369 pr_debug("Error getting password: %d\n", ret);
373 static bool check_tper(const void *data)
375 const struct d0_tper_features *tper = data;
376 u8 flags = tper->supported_features;
378 if (!(flags & TPER_SYNC_SUPPORTED)) {
379 pr_debug("TPer sync not supported. flags = %d\n",
380 tper->supported_features);
387 static bool check_lcksuppt(const void *data)
389 const struct d0_locking_features *lfeat = data;
390 u8 sup_feat = lfeat->supported_features;
392 return !!(sup_feat & LOCKING_SUPPORTED_MASK);
395 static bool check_lckenabled(const void *data)
397 const struct d0_locking_features *lfeat = data;
398 u8 sup_feat = lfeat->supported_features;
400 return !!(sup_feat & LOCKING_ENABLED_MASK);
403 static bool check_locked(const void *data)
405 const struct d0_locking_features *lfeat = data;
406 u8 sup_feat = lfeat->supported_features;
408 return !!(sup_feat & LOCKED_MASK);
411 static bool check_mbrenabled(const void *data)
413 const struct d0_locking_features *lfeat = data;
414 u8 sup_feat = lfeat->supported_features;
416 return !!(sup_feat & MBR_ENABLED_MASK);
419 static bool check_mbrdone(const void *data)
421 const struct d0_locking_features *lfeat = data;
422 u8 sup_feat = lfeat->supported_features;
424 return !!(sup_feat & MBR_DONE_MASK);
427 static bool check_sum(const void *data)
429 const struct d0_single_user_mode *sum = data;
430 u32 nlo = be32_to_cpu(sum->num_locking_objects);
433 pr_debug("Need at least one locking object.\n");
437 pr_debug("Number of locking objects: %d\n", nlo);
442 static u16 get_comid_v100(const void *data)
444 const struct d0_opal_v100 *v100 = data;
446 return be16_to_cpu(v100->baseComID);
449 static u16 get_comid_v200(const void *data)
451 const struct d0_opal_v200 *v200 = data;
453 return be16_to_cpu(v200->baseComID);
456 static int opal_send_cmd(struct opal_dev *dev)
458 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
459 dev->cmd, IO_BUFFER_LENGTH,
463 static int opal_recv_cmd(struct opal_dev *dev)
465 return dev->send_recv(dev->data, dev->comid, TCG_SECP_01,
466 dev->resp, IO_BUFFER_LENGTH,
470 static int opal_recv_check(struct opal_dev *dev)
472 size_t buflen = IO_BUFFER_LENGTH;
473 void *buffer = dev->resp;
474 struct opal_header *hdr = buffer;
478 pr_debug("Sent OPAL command: outstanding=%d, minTransfer=%d\n",
479 hdr->cp.outstandingData,
480 hdr->cp.minTransfer);
482 if (hdr->cp.outstandingData == 0 ||
483 hdr->cp.minTransfer != 0)
486 memset(buffer, 0, buflen);
487 ret = opal_recv_cmd(dev);
493 static int opal_send_recv(struct opal_dev *dev, cont_fn *cont)
497 ret = opal_send_cmd(dev);
500 ret = opal_recv_cmd(dev);
503 ret = opal_recv_check(dev);
509 static void check_geometry(struct opal_dev *dev, const void *data)
511 const struct d0_geometry_features *geo = data;
513 dev->align = be64_to_cpu(geo->alignment_granularity);
514 dev->lowest_lba = be64_to_cpu(geo->lowest_aligned_lba);
515 dev->logical_block_size = be32_to_cpu(geo->logical_block_size);
516 dev->align_required = geo->reserved01 & 1;
519 static int execute_step(struct opal_dev *dev,
520 const struct opal_step *step, size_t stepIndex)
522 int error = step->fn(dev, step->data);
525 pr_debug("Step %zu (%pS) failed with error %d: %s\n",
526 stepIndex, step->fn, error,
527 opal_error_to_human(error));
533 static int execute_steps(struct opal_dev *dev,
534 const struct opal_step *steps, size_t n_steps)
539 /* first do a discovery0 */
540 error = opal_discovery0_step(dev);
544 for (state = 0; state < n_steps; state++) {
545 error = execute_step(dev, &steps[state], state);
554 * For each OPAL command the first step in steps starts some sort of
555 * session. If an error occurred in the initial discovery0 or if an
556 * error occurred in the first step (and thus stopping the loop with
557 * state == 0) then there was an error before or during the attempt to
558 * start a session. Therefore we shouldn't attempt to terminate a
559 * session, as one has not yet been created.
562 end_opal_session_error(dev);
567 static int opal_discovery0_end(struct opal_dev *dev, void *data)
569 struct opal_discovery *discv_out = data; /* may be NULL */
572 bool found_com_id = false, supported = true, single_user = false;
573 const struct d0_header *hdr = (struct d0_header *)dev->resp;
574 const u8 *epos = dev->resp, *cpos = dev->resp;
576 u32 hlen = be32_to_cpu(hdr->length);
578 print_buffer(dev->resp, hlen);
579 dev->flags &= OPAL_FL_SUPPORTED;
581 if (hlen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
582 pr_debug("Discovery length overflows buffer (%zu+%u)/%u\n",
583 sizeof(*hdr), hlen, IO_BUFFER_LENGTH);
588 buf_out = (u8 __user *)(uintptr_t)discv_out->data;
589 len_out = min_t(u64, discv_out->size, hlen);
590 if (buf_out && copy_to_user(buf_out, dev->resp, len_out))
593 discv_out->size = hlen; /* actual size of data */
596 epos += hlen; /* end of buffer */
597 cpos += sizeof(*hdr); /* current position on buffer */
599 while (cpos < epos && supported) {
600 const struct d0_features *body =
601 (const struct d0_features *)cpos;
603 switch (be16_to_cpu(body->code)) {
605 supported = check_tper(body->features);
608 single_user = check_sum(body->features);
610 dev->flags |= OPAL_FL_SUM_SUPPORTED;
613 check_geometry(dev, body);
616 if (check_lcksuppt(body->features))
617 dev->flags |= OPAL_FL_LOCKING_SUPPORTED;
618 if (check_lckenabled(body->features))
619 dev->flags |= OPAL_FL_LOCKING_ENABLED;
620 if (check_locked(body->features))
621 dev->flags |= OPAL_FL_LOCKED;
622 if (check_mbrenabled(body->features))
623 dev->flags |= OPAL_FL_MBR_ENABLED;
624 if (check_mbrdone(body->features))
625 dev->flags |= OPAL_FL_MBR_DONE;
629 /* some ignored properties */
630 pr_debug("Found OPAL feature description: %d\n",
631 be16_to_cpu(body->code));
634 comid = get_comid_v100(body->features);
638 comid = get_comid_v200(body->features);
641 case 0xbfff ... 0xffff:
642 /* vendor specific, just ignore */
645 pr_debug("OPAL Unknown feature: %d\n",
646 be16_to_cpu(body->code));
649 cpos += body->length + 4;
653 pr_debug("This device is not Opal enabled. Not Supported!\n");
658 pr_debug("Device doesn't support single user mode\n");
662 pr_debug("Could not find OPAL comid for device. Returning early\n");
671 static int opal_discovery0(struct opal_dev *dev, void *data)
675 memset(dev->resp, 0, IO_BUFFER_LENGTH);
676 dev->comid = OPAL_DISCOVERY_COMID;
677 ret = opal_recv_cmd(dev);
681 return opal_discovery0_end(dev, data);
684 static int opal_discovery0_step(struct opal_dev *dev)
686 const struct opal_step discovery0_step = {
687 opal_discovery0, NULL
690 return execute_step(dev, &discovery0_step, 0);
693 static size_t remaining_size(struct opal_dev *cmd)
695 return IO_BUFFER_LENGTH - cmd->pos;
698 static bool can_add(int *err, struct opal_dev *cmd, size_t len)
703 if (remaining_size(cmd) < len) {
704 pr_debug("Error adding %zu bytes: end of buffer.\n", len);
712 static void add_token_u8(int *err, struct opal_dev *cmd, u8 tok)
714 if (!can_add(err, cmd, 1))
717 cmd->cmd[cmd->pos++] = tok;
720 static void add_short_atom_header(struct opal_dev *cmd, bool bytestring,
721 bool has_sign, int len)
726 atom = SHORT_ATOM_ID;
727 atom |= bytestring ? SHORT_ATOM_BYTESTRING : 0;
728 atom |= has_sign ? SHORT_ATOM_SIGNED : 0;
729 atom |= len & SHORT_ATOM_LEN_MASK;
731 add_token_u8(&err, cmd, atom);
734 static void add_medium_atom_header(struct opal_dev *cmd, bool bytestring,
735 bool has_sign, int len)
739 header0 = MEDIUM_ATOM_ID;
740 header0 |= bytestring ? MEDIUM_ATOM_BYTESTRING : 0;
741 header0 |= has_sign ? MEDIUM_ATOM_SIGNED : 0;
742 header0 |= (len >> 8) & MEDIUM_ATOM_LEN_MASK;
744 cmd->cmd[cmd->pos++] = header0;
745 cmd->cmd[cmd->pos++] = len;
748 static void add_token_u64(int *err, struct opal_dev *cmd, u64 number)
753 if (!(number & ~TINY_ATOM_DATA_MASK)) {
754 add_token_u8(err, cmd, number);
759 len = DIV_ROUND_UP(msb, 8);
761 if (!can_add(err, cmd, len + 1)) {
762 pr_debug("Error adding u64: end of buffer.\n");
765 add_short_atom_header(cmd, false, false, len);
767 add_token_u8(err, cmd, number >> (len * 8));
770 static u8 *add_bytestring_header(int *err, struct opal_dev *cmd, size_t len)
772 size_t header_len = 1;
773 bool is_short_atom = true;
775 if (len & ~SHORT_ATOM_LEN_MASK) {
777 is_short_atom = false;
780 if (!can_add(err, cmd, header_len + len)) {
781 pr_debug("Error adding bytestring: end of buffer.\n");
786 add_short_atom_header(cmd, true, false, len);
788 add_medium_atom_header(cmd, true, false, len);
790 return &cmd->cmd[cmd->pos];
793 static void add_token_bytestring(int *err, struct opal_dev *cmd,
794 const u8 *bytestring, size_t len)
798 start = add_bytestring_header(err, cmd, len);
801 memcpy(start, bytestring, len);
805 static int build_locking_range(u8 *buffer, size_t length, u8 lr)
807 if (length > OPAL_UID_LENGTH) {
808 pr_debug("Can't build locking range. Length OOB\n");
812 memcpy(buffer, opaluid[OPAL_LOCKINGRANGE_GLOBAL], OPAL_UID_LENGTH);
817 buffer[5] = LOCKING_RANGE_NON_GLOBAL;
823 static int build_locking_user(u8 *buffer, size_t length, u8 lr)
825 if (length > OPAL_UID_LENGTH) {
826 pr_debug("Can't build locking range user. Length OOB\n");
830 memcpy(buffer, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
837 static void set_comid(struct opal_dev *cmd, u16 comid)
839 struct opal_header *hdr = (struct opal_header *)cmd->cmd;
841 hdr->cp.extendedComID[0] = comid >> 8;
842 hdr->cp.extendedComID[1] = comid;
843 hdr->cp.extendedComID[2] = 0;
844 hdr->cp.extendedComID[3] = 0;
847 static int cmd_finalize(struct opal_dev *cmd, u32 hsn, u32 tsn)
849 struct opal_header *hdr;
853 * Close the parameter list opened from cmd_start.
854 * The number of bytes added must be equal to
855 * CMD_FINALIZE_BYTES_NEEDED.
857 add_token_u8(&err, cmd, OPAL_ENDLIST);
859 add_token_u8(&err, cmd, OPAL_ENDOFDATA);
860 add_token_u8(&err, cmd, OPAL_STARTLIST);
861 add_token_u8(&err, cmd, 0);
862 add_token_u8(&err, cmd, 0);
863 add_token_u8(&err, cmd, 0);
864 add_token_u8(&err, cmd, OPAL_ENDLIST);
867 pr_debug("Error finalizing command.\n");
871 hdr = (struct opal_header *) cmd->cmd;
873 hdr->pkt.tsn = cpu_to_be32(tsn);
874 hdr->pkt.hsn = cpu_to_be32(hsn);
876 hdr->subpkt.length = cpu_to_be32(cmd->pos - sizeof(*hdr));
877 while (cmd->pos % 4) {
878 if (cmd->pos >= IO_BUFFER_LENGTH) {
879 pr_debug("Error: Buffer overrun\n");
882 cmd->cmd[cmd->pos++] = 0;
884 hdr->pkt.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp) -
886 hdr->cp.length = cpu_to_be32(cmd->pos - sizeof(hdr->cp));
891 static const struct opal_resp_tok *response_get_token(
892 const struct parsed_resp *resp,
895 const struct opal_resp_tok *tok;
898 pr_debug("Response is NULL\n");
899 return ERR_PTR(-EINVAL);
902 if (n >= resp->num) {
903 pr_debug("Token number doesn't exist: %d, resp: %d\n",
905 return ERR_PTR(-EINVAL);
908 tok = &resp->toks[n];
910 pr_debug("Token length must be non-zero\n");
911 return ERR_PTR(-EINVAL);
917 static ssize_t response_parse_tiny(struct opal_resp_tok *tok,
922 tok->width = OPAL_WIDTH_TINY;
924 if (pos[0] & TINY_ATOM_SIGNED) {
925 tok->type = OPAL_DTA_TOKENID_SINT;
927 tok->type = OPAL_DTA_TOKENID_UINT;
928 tok->stored.u = pos[0] & 0x3f;
934 static ssize_t response_parse_short(struct opal_resp_tok *tok,
938 tok->len = (pos[0] & SHORT_ATOM_LEN_MASK) + 1;
939 tok->width = OPAL_WIDTH_SHORT;
941 if (pos[0] & SHORT_ATOM_BYTESTRING) {
942 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
943 } else if (pos[0] & SHORT_ATOM_SIGNED) {
944 tok->type = OPAL_DTA_TOKENID_SINT;
949 tok->type = OPAL_DTA_TOKENID_UINT;
951 pr_debug("uint64 with more than 8 bytes\n");
954 for (i = tok->len - 1; i > 0; i--) {
955 u_integer |= ((u64)pos[i] << (8 * b));
958 tok->stored.u = u_integer;
964 static ssize_t response_parse_medium(struct opal_resp_tok *tok,
968 tok->len = (((pos[0] & MEDIUM_ATOM_LEN_MASK) << 8) | pos[1]) + 2;
969 tok->width = OPAL_WIDTH_MEDIUM;
971 if (pos[0] & MEDIUM_ATOM_BYTESTRING)
972 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
973 else if (pos[0] & MEDIUM_ATOM_SIGNED)
974 tok->type = OPAL_DTA_TOKENID_SINT;
976 tok->type = OPAL_DTA_TOKENID_UINT;
981 static ssize_t response_parse_long(struct opal_resp_tok *tok,
985 tok->len = ((pos[1] << 16) | (pos[2] << 8) | pos[3]) + 4;
986 tok->width = OPAL_WIDTH_LONG;
988 if (pos[0] & LONG_ATOM_BYTESTRING)
989 tok->type = OPAL_DTA_TOKENID_BYTESTRING;
990 else if (pos[0] & LONG_ATOM_SIGNED)
991 tok->type = OPAL_DTA_TOKENID_SINT;
993 tok->type = OPAL_DTA_TOKENID_UINT;
998 static ssize_t response_parse_token(struct opal_resp_tok *tok,
1003 tok->type = OPAL_DTA_TOKENID_TOKEN;
1004 tok->width = OPAL_WIDTH_TOKEN;
1009 static int response_parse(const u8 *buf, size_t length,
1010 struct parsed_resp *resp)
1012 const struct opal_header *hdr;
1013 struct opal_resp_tok *iter;
1014 int num_entries = 0;
1016 ssize_t token_length;
1018 u32 clen, plen, slen;
1026 hdr = (struct opal_header *)buf;
1028 pos += sizeof(*hdr);
1030 clen = be32_to_cpu(hdr->cp.length);
1031 plen = be32_to_cpu(hdr->pkt.length);
1032 slen = be32_to_cpu(hdr->subpkt.length);
1033 pr_debug("Response size: cp: %u, pkt: %u, subpkt: %u\n",
1036 if (clen == 0 || plen == 0 || slen == 0 ||
1037 slen > IO_BUFFER_LENGTH - sizeof(*hdr)) {
1038 pr_debug("Bad header length. cp: %u, pkt: %u, subpkt: %u\n",
1040 print_buffer(pos, sizeof(*hdr));
1044 if (pos > buf + length)
1049 print_buffer(pos, total);
1051 if (pos[0] <= TINY_ATOM_BYTE) /* tiny atom */
1052 token_length = response_parse_tiny(iter, pos);
1053 else if (pos[0] <= SHORT_ATOM_BYTE) /* short atom */
1054 token_length = response_parse_short(iter, pos);
1055 else if (pos[0] <= MEDIUM_ATOM_BYTE) /* medium atom */
1056 token_length = response_parse_medium(iter, pos);
1057 else if (pos[0] <= LONG_ATOM_BYTE) /* long atom */
1058 token_length = response_parse_long(iter, pos);
1059 else if (pos[0] == EMPTY_ATOM_BYTE) /* empty atom */
1062 token_length = response_parse_token(iter, pos);
1064 if (token_length < 0)
1065 return token_length;
1067 if (pos[0] != EMPTY_ATOM_BYTE)
1070 pos += token_length;
1071 total -= token_length;
1075 resp->num = num_entries;
1080 static size_t response_get_string(const struct parsed_resp *resp, int n,
1084 const struct opal_resp_tok *tok;
1087 tok = response_get_token(resp, n);
1091 if (tok->type != OPAL_DTA_TOKENID_BYTESTRING) {
1092 pr_debug("Token is not a byte string!\n");
1096 switch (tok->width) {
1097 case OPAL_WIDTH_TINY:
1098 case OPAL_WIDTH_SHORT:
1101 case OPAL_WIDTH_MEDIUM:
1104 case OPAL_WIDTH_LONG:
1108 pr_debug("Token has invalid width!\n");
1112 *store = tok->pos + skip;
1114 return tok->len - skip;
1117 static u64 response_get_u64(const struct parsed_resp *resp, int n)
1119 const struct opal_resp_tok *tok;
1121 tok = response_get_token(resp, n);
1125 if (tok->type != OPAL_DTA_TOKENID_UINT) {
1126 pr_debug("Token is not unsigned int: %d\n", tok->type);
1130 if (tok->width != OPAL_WIDTH_TINY && tok->width != OPAL_WIDTH_SHORT) {
1131 pr_debug("Atom is not short or tiny: %d\n", tok->width);
1135 return tok->stored.u;
1138 static bool response_token_matches(const struct opal_resp_tok *token, u8 match)
1140 if (IS_ERR(token) ||
1141 token->type != OPAL_DTA_TOKENID_TOKEN ||
1142 token->pos[0] != match)
1147 static u8 response_status(const struct parsed_resp *resp)
1149 const struct opal_resp_tok *tok;
1151 tok = response_get_token(resp, 0);
1152 if (response_token_matches(tok, OPAL_ENDOFSESSION))
1156 return DTAERROR_NO_METHOD_STATUS;
1158 tok = response_get_token(resp, resp->num - 5);
1159 if (!response_token_matches(tok, OPAL_STARTLIST))
1160 return DTAERROR_NO_METHOD_STATUS;
1162 tok = response_get_token(resp, resp->num - 1);
1163 if (!response_token_matches(tok, OPAL_ENDLIST))
1164 return DTAERROR_NO_METHOD_STATUS;
1166 return response_get_u64(resp, resp->num - 4);
1169 /* Parses and checks for errors */
1170 static int parse_and_check_status(struct opal_dev *dev)
1174 print_buffer(dev->cmd, dev->pos);
1176 error = response_parse(dev->resp, IO_BUFFER_LENGTH, &dev->parsed);
1178 pr_debug("Couldn't parse response.\n");
1182 return response_status(&dev->parsed);
1185 static void clear_opal_cmd(struct opal_dev *dev)
1187 dev->pos = sizeof(struct opal_header);
1188 memset(dev->cmd, 0, IO_BUFFER_LENGTH);
1191 static int cmd_start(struct opal_dev *dev, const u8 *uid, const u8 *method)
1195 clear_opal_cmd(dev);
1196 set_comid(dev, dev->comid);
1198 add_token_u8(&err, dev, OPAL_CALL);
1199 add_token_bytestring(&err, dev, uid, OPAL_UID_LENGTH);
1200 add_token_bytestring(&err, dev, method, OPAL_METHOD_LENGTH);
1203 * Every method call is followed by its parameters enclosed within
1204 * OPAL_STARTLIST and OPAL_ENDLIST tokens. We automatically open the
1205 * parameter list here and close it later in cmd_finalize.
1207 add_token_u8(&err, dev, OPAL_STARTLIST);
1212 static int start_opal_session_cont(struct opal_dev *dev)
1217 error = parse_and_check_status(dev);
1221 hsn = response_get_u64(&dev->parsed, 4);
1222 tsn = response_get_u64(&dev->parsed, 5);
1224 if (hsn != GENERIC_HOST_SESSION_NUM || tsn < FIRST_TPER_SESSION_NUM) {
1225 pr_debug("Couldn't authenticate session\n");
1235 static void add_suspend_info(struct opal_dev *dev,
1236 struct opal_suspend_data *sus)
1238 struct opal_suspend_data *iter;
1240 list_for_each_entry(iter, &dev->unlk_lst, node) {
1241 if (iter->lr == sus->lr) {
1242 list_del(&iter->node);
1247 list_add_tail(&sus->node, &dev->unlk_lst);
1250 static int end_session_cont(struct opal_dev *dev)
1255 return parse_and_check_status(dev);
1258 static int finalize_and_send(struct opal_dev *dev, cont_fn cont)
1262 ret = cmd_finalize(dev, dev->hsn, dev->tsn);
1264 pr_debug("Error finalizing command buffer: %d\n", ret);
1268 print_buffer(dev->cmd, dev->pos);
1270 return opal_send_recv(dev, cont);
1273 static int generic_get_columns(struct opal_dev *dev, const u8 *table,
1274 u64 start_column, u64 end_column)
1278 err = cmd_start(dev, table, opalmethod[OPAL_GET]);
1280 add_token_u8(&err, dev, OPAL_STARTLIST);
1282 add_token_u8(&err, dev, OPAL_STARTNAME);
1283 add_token_u8(&err, dev, OPAL_STARTCOLUMN);
1284 add_token_u64(&err, dev, start_column);
1285 add_token_u8(&err, dev, OPAL_ENDNAME);
1287 add_token_u8(&err, dev, OPAL_STARTNAME);
1288 add_token_u8(&err, dev, OPAL_ENDCOLUMN);
1289 add_token_u64(&err, dev, end_column);
1290 add_token_u8(&err, dev, OPAL_ENDNAME);
1292 add_token_u8(&err, dev, OPAL_ENDLIST);
1297 return finalize_and_send(dev, parse_and_check_status);
1301 * request @column from table @table on device @dev. On success, the column
1302 * data will be available in dev->resp->tok[4]
1304 static int generic_get_column(struct opal_dev *dev, const u8 *table,
1307 return generic_get_columns(dev, table, column, column);
1311 * see TCG SAS 5.3.2.3 for a description of the available columns
1313 * the result is provided in dev->resp->tok[4]
1315 static int generic_get_table_info(struct opal_dev *dev, const u8 *table_uid,
1318 u8 uid[OPAL_UID_LENGTH];
1319 const unsigned int half = OPAL_UID_LENGTH_HALF;
1321 /* sed-opal UIDs can be split in two halves:
1322 * first: actual table index
1323 * second: relative index in the table
1324 * so we have to get the first half of the OPAL_TABLE_TABLE and use the
1325 * first part of the target table as relative index into that table
1327 memcpy(uid, opaluid[OPAL_TABLE_TABLE], half);
1328 memcpy(uid + half, table_uid, half);
1330 return generic_get_column(dev, uid, column);
1333 static int gen_key(struct opal_dev *dev, void *data)
1335 u8 uid[OPAL_UID_LENGTH];
1338 memcpy(uid, dev->prev_data, min(sizeof(uid), dev->prev_d_len));
1339 kfree(dev->prev_data);
1340 dev->prev_data = NULL;
1342 err = cmd_start(dev, uid, opalmethod[OPAL_GENKEY]);
1345 pr_debug("Error building gen key command\n");
1350 return finalize_and_send(dev, parse_and_check_status);
1353 static int get_active_key_cont(struct opal_dev *dev)
1355 const char *activekey;
1359 error = parse_and_check_status(dev);
1363 keylen = response_get_string(&dev->parsed, 4, &activekey);
1365 pr_debug("%s: Couldn't extract the Activekey from the response\n",
1367 return OPAL_INVAL_PARAM;
1370 dev->prev_data = kmemdup(activekey, keylen, GFP_KERNEL);
1372 if (!dev->prev_data)
1375 dev->prev_d_len = keylen;
1380 static int get_active_key(struct opal_dev *dev, void *data)
1382 u8 uid[OPAL_UID_LENGTH];
1386 err = build_locking_range(uid, sizeof(uid), *lr);
1390 err = generic_get_column(dev, uid, OPAL_ACTIVEKEY);
1394 return get_active_key_cont(dev);
1397 static int generic_table_write_data(struct opal_dev *dev, const u64 data,
1398 u64 offset, u64 size, const u8 *uid)
1400 const u8 __user *src = (u8 __user *)(uintptr_t)data;
1406 /* do we fit in the available space? */
1407 err = generic_get_table_info(dev, uid, OPAL_TABLE_ROWS);
1409 pr_debug("Couldn't get the table size\n");
1413 len = response_get_u64(&dev->parsed, 4);
1414 if (size > len || offset > len - size) {
1415 pr_debug("Does not fit in the table (%llu vs. %llu)\n",
1416 offset + size, len);
1420 /* do the actual transmission(s) */
1421 while (off < size) {
1422 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1423 add_token_u8(&err, dev, OPAL_STARTNAME);
1424 add_token_u8(&err, dev, OPAL_WHERE);
1425 add_token_u64(&err, dev, offset + off);
1426 add_token_u8(&err, dev, OPAL_ENDNAME);
1428 add_token_u8(&err, dev, OPAL_STARTNAME);
1429 add_token_u8(&err, dev, OPAL_VALUES);
1432 * The bytestring header is either 1 or 2 bytes, so assume 2.
1433 * There also needs to be enough space to accommodate the
1434 * trailing OPAL_ENDNAME (1 byte) and tokens added by
1437 len = min(remaining_size(dev) - (2+1+CMD_FINALIZE_BYTES_NEEDED),
1438 (size_t)(size - off));
1439 pr_debug("Write bytes %zu+%llu/%llu\n", off, len, size);
1441 dst = add_bytestring_header(&err, dev, len);
1445 if (copy_from_user(dst, src + off, len)) {
1452 add_token_u8(&err, dev, OPAL_ENDNAME);
1456 err = finalize_and_send(dev, parse_and_check_status);
1466 static int generic_lr_enable_disable(struct opal_dev *dev,
1467 u8 *uid, bool rle, bool wle,
1472 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1474 add_token_u8(&err, dev, OPAL_STARTNAME);
1475 add_token_u8(&err, dev, OPAL_VALUES);
1476 add_token_u8(&err, dev, OPAL_STARTLIST);
1478 add_token_u8(&err, dev, OPAL_STARTNAME);
1479 add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1480 add_token_u8(&err, dev, rle);
1481 add_token_u8(&err, dev, OPAL_ENDNAME);
1483 add_token_u8(&err, dev, OPAL_STARTNAME);
1484 add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1485 add_token_u8(&err, dev, wle);
1486 add_token_u8(&err, dev, OPAL_ENDNAME);
1488 add_token_u8(&err, dev, OPAL_STARTNAME);
1489 add_token_u8(&err, dev, OPAL_READLOCKED);
1490 add_token_u8(&err, dev, rl);
1491 add_token_u8(&err, dev, OPAL_ENDNAME);
1493 add_token_u8(&err, dev, OPAL_STARTNAME);
1494 add_token_u8(&err, dev, OPAL_WRITELOCKED);
1495 add_token_u8(&err, dev, wl);
1496 add_token_u8(&err, dev, OPAL_ENDNAME);
1498 add_token_u8(&err, dev, OPAL_ENDLIST);
1499 add_token_u8(&err, dev, OPAL_ENDNAME);
1504 static inline int enable_global_lr(struct opal_dev *dev, u8 *uid,
1505 struct opal_user_lr_setup *setup)
1509 err = generic_lr_enable_disable(dev, uid, !!setup->RLE, !!setup->WLE,
1512 pr_debug("Failed to create enable global lr command\n");
1517 static int setup_locking_range(struct opal_dev *dev, void *data)
1519 u8 uid[OPAL_UID_LENGTH];
1520 struct opal_user_lr_setup *setup = data;
1524 lr = setup->session.opal_key.lr;
1525 err = build_locking_range(uid, sizeof(uid), lr);
1530 err = enable_global_lr(dev, uid, setup);
1532 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1534 add_token_u8(&err, dev, OPAL_STARTNAME);
1535 add_token_u8(&err, dev, OPAL_VALUES);
1536 add_token_u8(&err, dev, OPAL_STARTLIST);
1538 add_token_u8(&err, dev, OPAL_STARTNAME);
1539 add_token_u8(&err, dev, OPAL_RANGESTART);
1540 add_token_u64(&err, dev, setup->range_start);
1541 add_token_u8(&err, dev, OPAL_ENDNAME);
1543 add_token_u8(&err, dev, OPAL_STARTNAME);
1544 add_token_u8(&err, dev, OPAL_RANGELENGTH);
1545 add_token_u64(&err, dev, setup->range_length);
1546 add_token_u8(&err, dev, OPAL_ENDNAME);
1548 add_token_u8(&err, dev, OPAL_STARTNAME);
1549 add_token_u8(&err, dev, OPAL_READLOCKENABLED);
1550 add_token_u64(&err, dev, !!setup->RLE);
1551 add_token_u8(&err, dev, OPAL_ENDNAME);
1553 add_token_u8(&err, dev, OPAL_STARTNAME);
1554 add_token_u8(&err, dev, OPAL_WRITELOCKENABLED);
1555 add_token_u64(&err, dev, !!setup->WLE);
1556 add_token_u8(&err, dev, OPAL_ENDNAME);
1558 add_token_u8(&err, dev, OPAL_ENDLIST);
1559 add_token_u8(&err, dev, OPAL_ENDNAME);
1562 pr_debug("Error building Setup Locking range command.\n");
1566 return finalize_and_send(dev, parse_and_check_status);
1569 static int response_get_column(const struct parsed_resp *resp,
1574 const struct opal_resp_tok *tok;
1578 tok = response_get_token(resp, n);
1580 return PTR_ERR(tok);
1582 if (!response_token_matches(tok, OPAL_STARTNAME)) {
1583 pr_debug("Unexpected response token type %d.\n", n);
1584 return OPAL_INVAL_PARAM;
1588 if (response_get_u64(resp, n) != column) {
1589 pr_debug("Token %d does not match expected column %u.\n",
1591 return OPAL_INVAL_PARAM;
1595 val = response_get_u64(resp, n);
1598 tok = response_get_token(resp, n);
1600 return PTR_ERR(tok);
1602 if (!response_token_matches(tok, OPAL_ENDNAME)) {
1603 pr_debug("Unexpected response token type %d.\n", n);
1604 return OPAL_INVAL_PARAM;
1614 static int locking_range_status(struct opal_dev *dev, void *data)
1616 u8 lr_buffer[OPAL_UID_LENGTH];
1618 bool rlocked, wlocked;
1620 struct opal_lr_status *lrst = data;
1622 err = build_locking_range(lr_buffer, sizeof(lr_buffer),
1623 lrst->session.opal_key.lr);
1627 err = generic_get_columns(dev, lr_buffer, OPAL_RANGESTART,
1630 pr_debug("Couldn't get lr %u table columns %d to %d.\n",
1631 lrst->session.opal_key.lr, OPAL_RANGESTART,
1637 err = response_get_column(&dev->parsed, &tok_n, OPAL_RANGESTART,
1638 &lrst->range_start);
1643 err = response_get_column(&dev->parsed, &tok_n, OPAL_RANGELENGTH,
1644 &lrst->range_length);
1649 err = response_get_column(&dev->parsed, &tok_n, OPAL_READLOCKENABLED,
1657 err = response_get_column(&dev->parsed, &tok_n, OPAL_WRITELOCKENABLED,
1665 err = response_get_column(&dev->parsed, &tok_n, OPAL_READLOCKED, &resp);
1672 err = response_get_column(&dev->parsed, &tok_n, OPAL_WRITELOCKED, &resp);
1678 /* opal_lock_state can not map 'read locked' only state. */
1679 lrst->l_state = OPAL_RW;
1680 if (rlocked && wlocked)
1681 lrst->l_state = OPAL_LK;
1683 lrst->l_state = OPAL_RO;
1685 pr_debug("Can not report read locked only state.\n");
1692 static int start_generic_opal_session(struct opal_dev *dev,
1694 enum opal_uid sp_type,
1701 if (key == NULL && auth != OPAL_ANYBODY_UID)
1702 return OPAL_INVAL_PARAM;
1704 hsn = GENERIC_HOST_SESSION_NUM;
1705 err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1706 opalmethod[OPAL_STARTSESSION]);
1708 add_token_u64(&err, dev, hsn);
1709 add_token_bytestring(&err, dev, opaluid[sp_type], OPAL_UID_LENGTH);
1710 add_token_u8(&err, dev, 1);
1713 case OPAL_ANYBODY_UID:
1715 case OPAL_ADMIN1_UID:
1718 add_token_u8(&err, dev, OPAL_STARTNAME);
1719 add_token_u8(&err, dev, 0); /* HostChallenge */
1720 add_token_bytestring(&err, dev, key, key_len);
1721 add_token_u8(&err, dev, OPAL_ENDNAME);
1722 add_token_u8(&err, dev, OPAL_STARTNAME);
1723 add_token_u8(&err, dev, 3); /* HostSignAuth */
1724 add_token_bytestring(&err, dev, opaluid[auth],
1726 add_token_u8(&err, dev, OPAL_ENDNAME);
1729 pr_debug("Cannot start Admin SP session with auth %d\n", auth);
1730 return OPAL_INVAL_PARAM;
1734 pr_debug("Error building start adminsp session command.\n");
1738 return finalize_and_send(dev, start_opal_session_cont);
1741 static int start_anybodyASP_opal_session(struct opal_dev *dev, void *data)
1743 return start_generic_opal_session(dev, OPAL_ANYBODY_UID,
1744 OPAL_ADMINSP_UID, NULL, 0);
1747 static int start_SIDASP_opal_session(struct opal_dev *dev, void *data)
1750 const u8 *key = dev->prev_data;
1753 const struct opal_key *okey = data;
1755 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1760 ret = start_generic_opal_session(dev, OPAL_SID_UID,
1762 key, dev->prev_d_len);
1764 dev->prev_data = NULL;
1770 static int start_admin1LSP_opal_session(struct opal_dev *dev, void *data)
1772 struct opal_key *key = data;
1774 return start_generic_opal_session(dev, OPAL_ADMIN1_UID,
1776 key->key, key->key_len);
1779 static int start_PSID_opal_session(struct opal_dev *dev, void *data)
1781 const struct opal_key *okey = data;
1783 return start_generic_opal_session(dev, OPAL_PSID_UID,
1789 static int start_auth_opal_session(struct opal_dev *dev, void *data)
1791 struct opal_session_info *session = data;
1792 u8 lk_ul_user[OPAL_UID_LENGTH];
1793 size_t keylen = session->opal_key.key_len;
1796 u8 *key = session->opal_key.key;
1797 u32 hsn = GENERIC_HOST_SESSION_NUM;
1800 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1801 session->opal_key.lr);
1802 else if (session->who != OPAL_ADMIN1 && !session->sum)
1803 err = build_locking_user(lk_ul_user, sizeof(lk_ul_user),
1806 memcpy(lk_ul_user, opaluid[OPAL_ADMIN1_UID], OPAL_UID_LENGTH);
1811 err = cmd_start(dev, opaluid[OPAL_SMUID_UID],
1812 opalmethod[OPAL_STARTSESSION]);
1814 add_token_u64(&err, dev, hsn);
1815 add_token_bytestring(&err, dev, opaluid[OPAL_LOCKINGSP_UID],
1817 add_token_u8(&err, dev, 1);
1818 add_token_u8(&err, dev, OPAL_STARTNAME);
1819 add_token_u8(&err, dev, 0);
1820 add_token_bytestring(&err, dev, key, keylen);
1821 add_token_u8(&err, dev, OPAL_ENDNAME);
1822 add_token_u8(&err, dev, OPAL_STARTNAME);
1823 add_token_u8(&err, dev, 3);
1824 add_token_bytestring(&err, dev, lk_ul_user, OPAL_UID_LENGTH);
1825 add_token_u8(&err, dev, OPAL_ENDNAME);
1828 pr_debug("Error building STARTSESSION command.\n");
1832 return finalize_and_send(dev, start_opal_session_cont);
1835 static int revert_tper(struct opal_dev *dev, void *data)
1839 err = cmd_start(dev, opaluid[OPAL_ADMINSP_UID],
1840 opalmethod[OPAL_REVERT]);
1842 pr_debug("Error building REVERT TPER command.\n");
1846 return finalize_and_send(dev, parse_and_check_status);
1849 static int internal_activate_user(struct opal_dev *dev, void *data)
1851 struct opal_session_info *session = data;
1852 u8 uid[OPAL_UID_LENGTH];
1855 memcpy(uid, opaluid[OPAL_USER1_UID], OPAL_UID_LENGTH);
1856 uid[7] = session->who;
1858 err = cmd_start(dev, uid, opalmethod[OPAL_SET]);
1859 add_token_u8(&err, dev, OPAL_STARTNAME);
1860 add_token_u8(&err, dev, OPAL_VALUES);
1861 add_token_u8(&err, dev, OPAL_STARTLIST);
1862 add_token_u8(&err, dev, OPAL_STARTNAME);
1863 add_token_u8(&err, dev, 5); /* Enabled */
1864 add_token_u8(&err, dev, OPAL_TRUE);
1865 add_token_u8(&err, dev, OPAL_ENDNAME);
1866 add_token_u8(&err, dev, OPAL_ENDLIST);
1867 add_token_u8(&err, dev, OPAL_ENDNAME);
1870 pr_debug("Error building Activate UserN command.\n");
1874 return finalize_and_send(dev, parse_and_check_status);
1877 static int revert_lsp(struct opal_dev *dev, void *data)
1879 struct opal_revert_lsp *rev = data;
1882 err = cmd_start(dev, opaluid[OPAL_THISSP_UID],
1883 opalmethod[OPAL_REVERTSP]);
1884 add_token_u8(&err, dev, OPAL_STARTNAME);
1885 add_token_u64(&err, dev, OPAL_KEEP_GLOBAL_RANGE_KEY);
1886 add_token_u8(&err, dev, (rev->options & OPAL_PRESERVE) ?
1887 OPAL_TRUE : OPAL_FALSE);
1888 add_token_u8(&err, dev, OPAL_ENDNAME);
1890 pr_debug("Error building REVERT SP command.\n");
1894 return finalize_and_send(dev, parse_and_check_status);
1897 static int erase_locking_range(struct opal_dev *dev, void *data)
1899 struct opal_session_info *session = data;
1900 u8 uid[OPAL_UID_LENGTH];
1903 if (build_locking_range(uid, sizeof(uid), session->opal_key.lr) < 0)
1906 err = cmd_start(dev, uid, opalmethod[OPAL_ERASE]);
1909 pr_debug("Error building Erase Locking Range Command.\n");
1913 return finalize_and_send(dev, parse_and_check_status);
1916 static int set_mbr_done(struct opal_dev *dev, void *data)
1918 u8 *mbr_done_tf = data;
1921 err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1922 opalmethod[OPAL_SET]);
1924 add_token_u8(&err, dev, OPAL_STARTNAME);
1925 add_token_u8(&err, dev, OPAL_VALUES);
1926 add_token_u8(&err, dev, OPAL_STARTLIST);
1927 add_token_u8(&err, dev, OPAL_STARTNAME);
1928 add_token_u8(&err, dev, OPAL_MBRDONE);
1929 add_token_u8(&err, dev, *mbr_done_tf); /* Done T or F */
1930 add_token_u8(&err, dev, OPAL_ENDNAME);
1931 add_token_u8(&err, dev, OPAL_ENDLIST);
1932 add_token_u8(&err, dev, OPAL_ENDNAME);
1935 pr_debug("Error Building set MBR Done command\n");
1939 return finalize_and_send(dev, parse_and_check_status);
1942 static int set_mbr_enable_disable(struct opal_dev *dev, void *data)
1944 u8 *mbr_en_dis = data;
1947 err = cmd_start(dev, opaluid[OPAL_MBRCONTROL],
1948 opalmethod[OPAL_SET]);
1950 add_token_u8(&err, dev, OPAL_STARTNAME);
1951 add_token_u8(&err, dev, OPAL_VALUES);
1952 add_token_u8(&err, dev, OPAL_STARTLIST);
1953 add_token_u8(&err, dev, OPAL_STARTNAME);
1954 add_token_u8(&err, dev, OPAL_MBRENABLE);
1955 add_token_u8(&err, dev, *mbr_en_dis);
1956 add_token_u8(&err, dev, OPAL_ENDNAME);
1957 add_token_u8(&err, dev, OPAL_ENDLIST);
1958 add_token_u8(&err, dev, OPAL_ENDNAME);
1961 pr_debug("Error Building set MBR done command\n");
1965 return finalize_and_send(dev, parse_and_check_status);
1968 static int write_shadow_mbr(struct opal_dev *dev, void *data)
1970 struct opal_shadow_mbr *shadow = data;
1972 return generic_table_write_data(dev, shadow->data, shadow->offset,
1973 shadow->size, opaluid[OPAL_MBR]);
1976 static int generic_pw_cmd(u8 *key, size_t key_len, u8 *cpin_uid,
1977 struct opal_dev *dev)
1981 err = cmd_start(dev, cpin_uid, opalmethod[OPAL_SET]);
1983 add_token_u8(&err, dev, OPAL_STARTNAME);
1984 add_token_u8(&err, dev, OPAL_VALUES);
1985 add_token_u8(&err, dev, OPAL_STARTLIST);
1986 add_token_u8(&err, dev, OPAL_STARTNAME);
1987 add_token_u8(&err, dev, OPAL_PIN);
1988 add_token_bytestring(&err, dev, key, key_len);
1989 add_token_u8(&err, dev, OPAL_ENDNAME);
1990 add_token_u8(&err, dev, OPAL_ENDLIST);
1991 add_token_u8(&err, dev, OPAL_ENDNAME);
1996 static int set_new_pw(struct opal_dev *dev, void *data)
1998 u8 cpin_uid[OPAL_UID_LENGTH];
1999 struct opal_session_info *usr = data;
2001 memcpy(cpin_uid, opaluid[OPAL_C_PIN_ADMIN1], OPAL_UID_LENGTH);
2003 if (usr->who != OPAL_ADMIN1) {
2006 cpin_uid[7] = usr->opal_key.lr + 1;
2008 cpin_uid[7] = usr->who;
2011 if (generic_pw_cmd(usr->opal_key.key, usr->opal_key.key_len,
2013 pr_debug("Error building set password command.\n");
2017 return finalize_and_send(dev, parse_and_check_status);
2020 static int set_sid_cpin_pin(struct opal_dev *dev, void *data)
2022 u8 cpin_uid[OPAL_UID_LENGTH];
2023 struct opal_key *key = data;
2025 memcpy(cpin_uid, opaluid[OPAL_C_PIN_SID], OPAL_UID_LENGTH);
2027 if (generic_pw_cmd(key->key, key->key_len, cpin_uid, dev)) {
2028 pr_debug("Error building Set SID cpin\n");
2031 return finalize_and_send(dev, parse_and_check_status);
2034 static void add_authority_object_ref(int *err,
2035 struct opal_dev *dev,
2039 add_token_u8(err, dev, OPAL_STARTNAME);
2040 add_token_bytestring(err, dev,
2041 opaluid[OPAL_HALF_UID_AUTHORITY_OBJ_REF],
2043 add_token_bytestring(err, dev, uid, uid_len);
2044 add_token_u8(err, dev, OPAL_ENDNAME);
2047 static void add_boolean_object_ref(int *err,
2048 struct opal_dev *dev,
2051 add_token_u8(err, dev, OPAL_STARTNAME);
2052 add_token_bytestring(err, dev, opaluid[OPAL_HALF_UID_BOOLEAN_ACE],
2054 add_token_u8(err, dev, boolean_op);
2055 add_token_u8(err, dev, OPAL_ENDNAME);
2058 static int set_lr_boolean_ace(struct opal_dev *dev,
2059 unsigned int opal_uid,
2064 u8 lr_buffer[OPAL_UID_LENGTH];
2065 u8 user_uid[OPAL_UID_LENGTH];
2069 memcpy(lr_buffer, opaluid[opal_uid], OPAL_UID_LENGTH);
2072 err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
2074 add_token_u8(&err, dev, OPAL_STARTNAME);
2075 add_token_u8(&err, dev, OPAL_VALUES);
2077 add_token_u8(&err, dev, OPAL_STARTLIST);
2078 add_token_u8(&err, dev, OPAL_STARTNAME);
2079 add_token_u8(&err, dev, 3);
2081 add_token_u8(&err, dev, OPAL_STARTLIST);
2083 for (u = 0; u < users_len; u++) {
2084 if (users[u] == OPAL_ADMIN1)
2085 memcpy(user_uid, opaluid[OPAL_ADMIN1_UID],
2088 memcpy(user_uid, opaluid[OPAL_USER1_UID],
2090 user_uid[7] = users[u];
2093 add_authority_object_ref(&err, dev, user_uid, sizeof(user_uid));
2096 * Add boolean operator in postfix only with
2097 * two or more authorities being added in ACE
2101 add_boolean_object_ref(&err, dev, OPAL_BOOLEAN_OR);
2104 add_token_u8(&err, dev, OPAL_ENDLIST);
2105 add_token_u8(&err, dev, OPAL_ENDNAME);
2106 add_token_u8(&err, dev, OPAL_ENDLIST);
2107 add_token_u8(&err, dev, OPAL_ENDNAME);
2112 static int add_user_to_lr(struct opal_dev *dev, void *data)
2115 struct opal_lock_unlock *lkul = data;
2116 const u8 users[] = {
2120 err = set_lr_boolean_ace(dev,
2121 lkul->l_state == OPAL_RW ?
2122 OPAL_LOCKINGRANGE_ACE_WRLOCKED :
2123 OPAL_LOCKINGRANGE_ACE_RDLOCKED,
2124 lkul->session.opal_key.lr, users,
2127 pr_debug("Error building add user to locking range command.\n");
2131 return finalize_and_send(dev, parse_and_check_status);
2134 static int add_user_to_lr_ace(struct opal_dev *dev, void *data)
2137 struct opal_lock_unlock *lkul = data;
2138 const u8 users[] = {
2143 err = set_lr_boolean_ace(dev, OPAL_LOCKINGRANGE_ACE_START_TO_KEY,
2144 lkul->session.opal_key.lr, users,
2148 pr_debug("Error building add user to locking ranges ACEs.\n");
2152 return finalize_and_send(dev, parse_and_check_status);
2155 static int lock_unlock_locking_range(struct opal_dev *dev, void *data)
2157 u8 lr_buffer[OPAL_UID_LENGTH];
2158 struct opal_lock_unlock *lkul = data;
2159 u8 read_locked = 1, write_locked = 1;
2162 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
2163 lkul->session.opal_key.lr) < 0)
2166 switch (lkul->l_state) {
2176 /* vars are initialized to locked */
2179 pr_debug("Tried to set an invalid locking state... returning to uland\n");
2180 return OPAL_INVAL_PARAM;
2183 err = cmd_start(dev, lr_buffer, opalmethod[OPAL_SET]);
2185 add_token_u8(&err, dev, OPAL_STARTNAME);
2186 add_token_u8(&err, dev, OPAL_VALUES);
2187 add_token_u8(&err, dev, OPAL_STARTLIST);
2189 add_token_u8(&err, dev, OPAL_STARTNAME);
2190 add_token_u8(&err, dev, OPAL_READLOCKED);
2191 add_token_u8(&err, dev, read_locked);
2192 add_token_u8(&err, dev, OPAL_ENDNAME);
2194 add_token_u8(&err, dev, OPAL_STARTNAME);
2195 add_token_u8(&err, dev, OPAL_WRITELOCKED);
2196 add_token_u8(&err, dev, write_locked);
2197 add_token_u8(&err, dev, OPAL_ENDNAME);
2199 add_token_u8(&err, dev, OPAL_ENDLIST);
2200 add_token_u8(&err, dev, OPAL_ENDNAME);
2203 pr_debug("Error building SET command.\n");
2207 return finalize_and_send(dev, parse_and_check_status);
2211 static int lock_unlock_locking_range_sum(struct opal_dev *dev, void *data)
2213 u8 lr_buffer[OPAL_UID_LENGTH];
2214 u8 read_locked = 1, write_locked = 1;
2215 struct opal_lock_unlock *lkul = data;
2218 clear_opal_cmd(dev);
2219 set_comid(dev, dev->comid);
2221 if (build_locking_range(lr_buffer, sizeof(lr_buffer),
2222 lkul->session.opal_key.lr) < 0)
2225 switch (lkul->l_state) {
2235 /* vars are initialized to locked */
2238 pr_debug("Tried to set an invalid locking state.\n");
2239 return OPAL_INVAL_PARAM;
2241 ret = generic_lr_enable_disable(dev, lr_buffer, 1, 1,
2242 read_locked, write_locked);
2245 pr_debug("Error building SET command.\n");
2249 return finalize_and_send(dev, parse_and_check_status);
2252 static int activate_lsp(struct opal_dev *dev, void *data)
2254 struct opal_lr_act *opal_act = data;
2255 u8 user_lr[OPAL_UID_LENGTH];
2258 err = cmd_start(dev, opaluid[OPAL_LOCKINGSP_UID],
2259 opalmethod[OPAL_ACTIVATE]);
2261 if (opal_act->sum) {
2262 err = build_locking_range(user_lr, sizeof(user_lr),
2267 add_token_u8(&err, dev, OPAL_STARTNAME);
2268 add_token_u64(&err, dev, OPAL_SUM_SET_LIST);
2270 add_token_u8(&err, dev, OPAL_STARTLIST);
2271 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
2272 for (i = 1; i < opal_act->num_lrs; i++) {
2273 user_lr[7] = opal_act->lr[i];
2274 add_token_bytestring(&err, dev, user_lr, OPAL_UID_LENGTH);
2276 add_token_u8(&err, dev, OPAL_ENDLIST);
2277 add_token_u8(&err, dev, OPAL_ENDNAME);
2281 pr_debug("Error building Activate LockingSP command.\n");
2285 return finalize_and_send(dev, parse_and_check_status);
2288 /* Determine if we're in the Manufactured Inactive or Active state */
2289 static int get_lsp_lifecycle(struct opal_dev *dev, void *data)
2294 err = generic_get_column(dev, opaluid[OPAL_LOCKINGSP_UID],
2299 lc_status = response_get_u64(&dev->parsed, 4);
2300 /* 0x08 is Manufactured Inactive */
2301 /* 0x09 is Manufactured */
2302 if (lc_status != OPAL_MANUFACTURED_INACTIVE) {
2303 pr_debug("Couldn't determine the status of the Lifecycle state\n");
2310 static int get_msid_cpin_pin(struct opal_dev *dev, void *data)
2312 const char *msid_pin;
2316 err = generic_get_column(dev, opaluid[OPAL_C_PIN_MSID], OPAL_PIN);
2320 strlen = response_get_string(&dev->parsed, 4, &msid_pin);
2322 pr_debug("Couldn't extract MSID_CPIN from response\n");
2323 return OPAL_INVAL_PARAM;
2326 dev->prev_data = kmemdup(msid_pin, strlen, GFP_KERNEL);
2327 if (!dev->prev_data)
2330 dev->prev_d_len = strlen;
2335 static int write_table_data(struct opal_dev *dev, void *data)
2337 struct opal_read_write_table *write_tbl = data;
2339 return generic_table_write_data(dev, write_tbl->data, write_tbl->offset,
2340 write_tbl->size, write_tbl->table_uid);
2343 static int read_table_data_cont(struct opal_dev *dev)
2346 const char *data_read;
2348 err = parse_and_check_status(dev);
2352 dev->prev_d_len = response_get_string(&dev->parsed, 1, &data_read);
2353 dev->prev_data = (void *)data_read;
2354 if (!dev->prev_data) {
2355 pr_debug("%s: Couldn't read data from the table.\n", __func__);
2356 return OPAL_INVAL_PARAM;
2363 * IO_BUFFER_LENGTH = 2048
2364 * sizeof(header) = 56
2365 * No. of Token Bytes in the Response = 11
2366 * MAX size of data that can be carried in response buffer
2367 * at a time is : 2048 - (56 + 11) = 1981 = 0x7BD.
2369 #define OPAL_MAX_READ_TABLE (0x7BD)
2371 static int read_table_data(struct opal_dev *dev, void *data)
2373 struct opal_read_write_table *read_tbl = data;
2375 size_t off = 0, max_read_size = OPAL_MAX_READ_TABLE;
2377 u64 offset = read_tbl->offset, read_size = read_tbl->size - 1;
2380 err = generic_get_table_info(dev, read_tbl->table_uid, OPAL_TABLE_ROWS);
2382 pr_debug("Couldn't get the table size\n");
2386 table_len = response_get_u64(&dev->parsed, 4);
2388 /* Check if the user is trying to read from the table limits */
2389 if (read_size > table_len || offset > table_len - read_size) {
2390 pr_debug("Read size exceeds the Table size limits (%llu vs. %llu)\n",
2391 offset + read_size, table_len);
2395 while (off < read_size) {
2396 err = cmd_start(dev, read_tbl->table_uid, opalmethod[OPAL_GET]);
2398 add_token_u8(&err, dev, OPAL_STARTLIST);
2399 add_token_u8(&err, dev, OPAL_STARTNAME);
2400 add_token_u8(&err, dev, OPAL_STARTROW);
2401 add_token_u64(&err, dev, offset + off); /* start row value */
2402 add_token_u8(&err, dev, OPAL_ENDNAME);
2404 add_token_u8(&err, dev, OPAL_STARTNAME);
2405 add_token_u8(&err, dev, OPAL_ENDROW);
2407 len = min(max_read_size, (size_t)(read_size - off));
2408 add_token_u64(&err, dev, offset + off + len); /* end row value
2410 add_token_u8(&err, dev, OPAL_ENDNAME);
2411 add_token_u8(&err, dev, OPAL_ENDLIST);
2414 pr_debug("Error building read table data command.\n");
2418 err = finalize_and_send(dev, read_table_data_cont);
2422 /* len+1: This includes the NULL terminator at the end*/
2423 if (dev->prev_d_len > len + 1) {
2428 dst = (u8 __user *)(uintptr_t)read_tbl->data;
2429 if (copy_to_user(dst + off, dev->prev_data, dev->prev_d_len)) {
2430 pr_debug("Error copying data to userspace\n");
2434 dev->prev_data = NULL;
2442 static int end_opal_session(struct opal_dev *dev, void *data)
2446 clear_opal_cmd(dev);
2447 set_comid(dev, dev->comid);
2448 add_token_u8(&err, dev, OPAL_ENDOFSESSION);
2453 return finalize_and_send(dev, end_session_cont);
2456 static int end_opal_session_error(struct opal_dev *dev)
2458 const struct opal_step error_end_session = {
2462 return execute_step(dev, &error_end_session, 0);
2465 static inline void setup_opal_dev(struct opal_dev *dev)
2469 dev->prev_data = NULL;
2472 static int check_opal_support(struct opal_dev *dev)
2476 mutex_lock(&dev->dev_lock);
2477 setup_opal_dev(dev);
2478 ret = opal_discovery0_step(dev);
2480 dev->flags |= OPAL_FL_SUPPORTED;
2481 mutex_unlock(&dev->dev_lock);
2486 static void clean_opal_dev(struct opal_dev *dev)
2489 struct opal_suspend_data *suspend, *next;
2491 mutex_lock(&dev->dev_lock);
2492 list_for_each_entry_safe(suspend, next, &dev->unlk_lst, node) {
2493 list_del(&suspend->node);
2496 mutex_unlock(&dev->dev_lock);
2499 void free_opal_dev(struct opal_dev *dev)
2504 clean_opal_dev(dev);
2509 EXPORT_SYMBOL(free_opal_dev);
2511 struct opal_dev *init_opal_dev(void *data, sec_send_recv *send_recv)
2513 struct opal_dev *dev;
2515 dev = kmalloc(sizeof(*dev), GFP_KERNEL);
2520 * Presumably DMA-able buffers must be cache-aligned. Kmalloc makes
2521 * sure the allocated buffer is DMA-safe in that regard.
2523 dev->cmd = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2527 dev->resp = kmalloc(IO_BUFFER_LENGTH, GFP_KERNEL);
2531 INIT_LIST_HEAD(&dev->unlk_lst);
2532 mutex_init(&dev->dev_lock);
2535 dev->send_recv = send_recv;
2536 if (check_opal_support(dev) != 0) {
2537 pr_debug("Opal is not supported on this device\n");
2554 EXPORT_SYMBOL(init_opal_dev);
2556 static int opal_secure_erase_locking_range(struct opal_dev *dev,
2557 struct opal_session_info *opal_session)
2559 const struct opal_step erase_steps[] = {
2560 { start_auth_opal_session, opal_session },
2561 { get_active_key, &opal_session->opal_key.lr },
2563 { end_opal_session, }
2567 ret = opal_get_key(dev, &opal_session->opal_key);
2570 mutex_lock(&dev->dev_lock);
2571 setup_opal_dev(dev);
2572 ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2573 mutex_unlock(&dev->dev_lock);
2578 static int opal_get_discv(struct opal_dev *dev, struct opal_discovery *discv)
2580 const struct opal_step discovery0_step = {
2581 opal_discovery0, discv
2585 mutex_lock(&dev->dev_lock);
2586 setup_opal_dev(dev);
2587 ret = execute_step(dev, &discovery0_step, 0);
2588 mutex_unlock(&dev->dev_lock);
2591 return discv->size; /* modified to actual length of data */
2594 static int opal_revertlsp(struct opal_dev *dev, struct opal_revert_lsp *rev)
2596 /* controller will terminate session */
2597 const struct opal_step steps[] = {
2598 { start_admin1LSP_opal_session, &rev->key },
2603 ret = opal_get_key(dev, &rev->key);
2606 mutex_lock(&dev->dev_lock);
2607 setup_opal_dev(dev);
2608 ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
2609 mutex_unlock(&dev->dev_lock);
2614 static int opal_erase_locking_range(struct opal_dev *dev,
2615 struct opal_session_info *opal_session)
2617 const struct opal_step erase_steps[] = {
2618 { start_auth_opal_session, opal_session },
2619 { erase_locking_range, opal_session },
2620 { end_opal_session, }
2624 ret = opal_get_key(dev, &opal_session->opal_key);
2627 mutex_lock(&dev->dev_lock);
2628 setup_opal_dev(dev);
2629 ret = execute_steps(dev, erase_steps, ARRAY_SIZE(erase_steps));
2630 mutex_unlock(&dev->dev_lock);
2635 static int opal_enable_disable_shadow_mbr(struct opal_dev *dev,
2636 struct opal_mbr_data *opal_mbr)
2638 u8 enable_disable = opal_mbr->enable_disable == OPAL_MBR_ENABLE ?
2639 OPAL_TRUE : OPAL_FALSE;
2641 const struct opal_step mbr_steps[] = {
2642 { start_admin1LSP_opal_session, &opal_mbr->key },
2643 { set_mbr_done, &enable_disable },
2644 { end_opal_session, },
2645 { start_admin1LSP_opal_session, &opal_mbr->key },
2646 { set_mbr_enable_disable, &enable_disable },
2647 { end_opal_session, }
2651 if (opal_mbr->enable_disable != OPAL_MBR_ENABLE &&
2652 opal_mbr->enable_disable != OPAL_MBR_DISABLE)
2655 ret = opal_get_key(dev, &opal_mbr->key);
2658 mutex_lock(&dev->dev_lock);
2659 setup_opal_dev(dev);
2660 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2661 mutex_unlock(&dev->dev_lock);
2666 static int opal_set_mbr_done(struct opal_dev *dev,
2667 struct opal_mbr_done *mbr_done)
2669 u8 mbr_done_tf = mbr_done->done_flag == OPAL_MBR_DONE ?
2670 OPAL_TRUE : OPAL_FALSE;
2672 const struct opal_step mbr_steps[] = {
2673 { start_admin1LSP_opal_session, &mbr_done->key },
2674 { set_mbr_done, &mbr_done_tf },
2675 { end_opal_session, }
2679 if (mbr_done->done_flag != OPAL_MBR_DONE &&
2680 mbr_done->done_flag != OPAL_MBR_NOT_DONE)
2683 ret = opal_get_key(dev, &mbr_done->key);
2686 mutex_lock(&dev->dev_lock);
2687 setup_opal_dev(dev);
2688 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2689 mutex_unlock(&dev->dev_lock);
2694 static int opal_write_shadow_mbr(struct opal_dev *dev,
2695 struct opal_shadow_mbr *info)
2697 const struct opal_step mbr_steps[] = {
2698 { start_admin1LSP_opal_session, &info->key },
2699 { write_shadow_mbr, info },
2700 { end_opal_session, }
2704 if (info->size == 0)
2707 ret = opal_get_key(dev, &info->key);
2710 mutex_lock(&dev->dev_lock);
2711 setup_opal_dev(dev);
2712 ret = execute_steps(dev, mbr_steps, ARRAY_SIZE(mbr_steps));
2713 mutex_unlock(&dev->dev_lock);
2718 static int opal_save(struct opal_dev *dev, struct opal_lock_unlock *lk_unlk)
2720 struct opal_suspend_data *suspend;
2722 suspend = kzalloc(sizeof(*suspend), GFP_KERNEL);
2726 suspend->unlk = *lk_unlk;
2727 suspend->lr = lk_unlk->session.opal_key.lr;
2729 mutex_lock(&dev->dev_lock);
2730 setup_opal_dev(dev);
2731 add_suspend_info(dev, suspend);
2732 mutex_unlock(&dev->dev_lock);
2737 static int opal_add_user_to_lr(struct opal_dev *dev,
2738 struct opal_lock_unlock *lk_unlk)
2740 const struct opal_step steps[] = {
2741 { start_admin1LSP_opal_session, &lk_unlk->session.opal_key },
2742 { add_user_to_lr, lk_unlk },
2743 { add_user_to_lr_ace, lk_unlk },
2744 { end_opal_session, }
2748 if (lk_unlk->l_state != OPAL_RO &&
2749 lk_unlk->l_state != OPAL_RW) {
2750 pr_debug("Locking state was not RO or RW\n");
2754 if (lk_unlk->session.who < OPAL_USER1 ||
2755 lk_unlk->session.who > OPAL_USER9) {
2756 pr_debug("Authority was not within the range of users: %d\n",
2757 lk_unlk->session.who);
2761 if (lk_unlk->session.sum) {
2762 pr_debug("%s not supported in sum. Use setup locking range\n",
2767 ret = opal_get_key(dev, &lk_unlk->session.opal_key);
2770 mutex_lock(&dev->dev_lock);
2771 setup_opal_dev(dev);
2772 ret = execute_steps(dev, steps, ARRAY_SIZE(steps));
2773 mutex_unlock(&dev->dev_lock);
2778 static int opal_reverttper(struct opal_dev *dev, struct opal_key *opal, bool psid)
2780 /* controller will terminate session */
2781 const struct opal_step revert_steps[] = {
2782 { start_SIDASP_opal_session, opal },
2785 const struct opal_step psid_revert_steps[] = {
2786 { start_PSID_opal_session, opal },
2792 ret = opal_get_key(dev, opal);
2796 mutex_lock(&dev->dev_lock);
2797 setup_opal_dev(dev);
2799 ret = execute_steps(dev, psid_revert_steps,
2800 ARRAY_SIZE(psid_revert_steps));
2802 ret = execute_steps(dev, revert_steps,
2803 ARRAY_SIZE(revert_steps));
2804 mutex_unlock(&dev->dev_lock);
2807 * If we successfully reverted lets clean
2808 * any saved locking ranges.
2811 clean_opal_dev(dev);
2816 static int __opal_lock_unlock(struct opal_dev *dev,
2817 struct opal_lock_unlock *lk_unlk)
2819 const struct opal_step unlock_steps[] = {
2820 { start_auth_opal_session, &lk_unlk->session },
2821 { lock_unlock_locking_range, lk_unlk },
2822 { end_opal_session, }
2824 const struct opal_step unlock_sum_steps[] = {
2825 { start_auth_opal_session, &lk_unlk->session },
2826 { lock_unlock_locking_range_sum, lk_unlk },
2827 { end_opal_session, }
2830 if (lk_unlk->session.sum)
2831 return execute_steps(dev, unlock_sum_steps,
2832 ARRAY_SIZE(unlock_sum_steps));
2834 return execute_steps(dev, unlock_steps,
2835 ARRAY_SIZE(unlock_steps));
2838 static int __opal_set_mbr_done(struct opal_dev *dev, struct opal_key *key)
2840 u8 mbr_done_tf = OPAL_TRUE;
2841 const struct opal_step mbrdone_step[] = {
2842 { start_admin1LSP_opal_session, key },
2843 { set_mbr_done, &mbr_done_tf },
2844 { end_opal_session, }
2847 return execute_steps(dev, mbrdone_step, ARRAY_SIZE(mbrdone_step));
2850 static void opal_lock_check_for_saved_key(struct opal_dev *dev,
2851 struct opal_lock_unlock *lk_unlk)
2853 struct opal_suspend_data *iter;
2855 if (lk_unlk->l_state != OPAL_LK ||
2856 lk_unlk->session.opal_key.key_len > 0)
2860 * Usually when closing a crypto device (eg: dm-crypt with LUKS) the
2861 * volume key is not required, as it requires root privileges anyway,
2862 * and root can deny access to a disk in many ways regardless.
2863 * Requiring the volume key to lock the device is a peculiarity of the
2864 * OPAL specification. Given we might already have saved the key if
2865 * the user requested it via the 'IOC_OPAL_SAVE' ioctl, we can use
2866 * that key to lock the device if no key was provided here, the
2867 * locking range matches and the appropriate flag was passed with
2869 * This allows integrating OPAL with tools and libraries that are used
2870 * to the common behaviour and do not ask for the volume key when
2873 setup_opal_dev(dev);
2874 list_for_each_entry(iter, &dev->unlk_lst, node) {
2875 if ((iter->unlk.flags & OPAL_SAVE_FOR_LOCK) &&
2876 iter->lr == lk_unlk->session.opal_key.lr &&
2877 iter->unlk.session.opal_key.key_len > 0) {
2878 lk_unlk->session.opal_key.key_len =
2879 iter->unlk.session.opal_key.key_len;
2880 memcpy(lk_unlk->session.opal_key.key,
2881 iter->unlk.session.opal_key.key,
2882 iter->unlk.session.opal_key.key_len);
2888 static int opal_lock_unlock(struct opal_dev *dev,
2889 struct opal_lock_unlock *lk_unlk)
2893 if (lk_unlk->session.who > OPAL_USER9)
2896 mutex_lock(&dev->dev_lock);
2897 opal_lock_check_for_saved_key(dev, lk_unlk);
2898 ret = opal_get_key(dev, &lk_unlk->session.opal_key);
2900 ret = __opal_lock_unlock(dev, lk_unlk);
2901 mutex_unlock(&dev->dev_lock);
2906 static int opal_take_ownership(struct opal_dev *dev, struct opal_key *opal)
2908 const struct opal_step owner_steps[] = {
2909 { start_anybodyASP_opal_session, },
2910 { get_msid_cpin_pin, },
2911 { end_opal_session, },
2912 { start_SIDASP_opal_session, opal },
2913 { set_sid_cpin_pin, opal },
2914 { end_opal_session, }
2921 ret = opal_get_key(dev, opal);
2924 mutex_lock(&dev->dev_lock);
2925 setup_opal_dev(dev);
2926 ret = execute_steps(dev, owner_steps, ARRAY_SIZE(owner_steps));
2927 mutex_unlock(&dev->dev_lock);
2932 static int opal_activate_lsp(struct opal_dev *dev,
2933 struct opal_lr_act *opal_lr_act)
2935 const struct opal_step active_steps[] = {
2936 { start_SIDASP_opal_session, &opal_lr_act->key },
2937 { get_lsp_lifecycle, },
2938 { activate_lsp, opal_lr_act },
2939 { end_opal_session, }
2943 if (!opal_lr_act->num_lrs || opal_lr_act->num_lrs > OPAL_MAX_LRS)
2946 ret = opal_get_key(dev, &opal_lr_act->key);
2949 mutex_lock(&dev->dev_lock);
2950 setup_opal_dev(dev);
2951 ret = execute_steps(dev, active_steps, ARRAY_SIZE(active_steps));
2952 mutex_unlock(&dev->dev_lock);
2957 static int opal_setup_locking_range(struct opal_dev *dev,
2958 struct opal_user_lr_setup *opal_lrs)
2960 const struct opal_step lr_steps[] = {
2961 { start_auth_opal_session, &opal_lrs->session },
2962 { setup_locking_range, opal_lrs },
2963 { end_opal_session, }
2967 ret = opal_get_key(dev, &opal_lrs->session.opal_key);
2970 mutex_lock(&dev->dev_lock);
2971 setup_opal_dev(dev);
2972 ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2973 mutex_unlock(&dev->dev_lock);
2978 static int opal_locking_range_status(struct opal_dev *dev,
2979 struct opal_lr_status *opal_lrst,
2982 const struct opal_step lr_steps[] = {
2983 { start_auth_opal_session, &opal_lrst->session },
2984 { locking_range_status, opal_lrst },
2985 { end_opal_session, }
2989 mutex_lock(&dev->dev_lock);
2990 setup_opal_dev(dev);
2991 ret = execute_steps(dev, lr_steps, ARRAY_SIZE(lr_steps));
2992 mutex_unlock(&dev->dev_lock);
2994 /* skip session info when copying back to uspace */
2995 if (!ret && copy_to_user(data + offsetof(struct opal_lr_status, range_start),
2996 (void *)opal_lrst + offsetof(struct opal_lr_status, range_start),
2997 sizeof(*opal_lrst) - offsetof(struct opal_lr_status, range_start))) {
2998 pr_debug("Error copying status to userspace\n");
3005 static int opal_set_new_pw(struct opal_dev *dev, struct opal_new_pw *opal_pw)
3007 const struct opal_step pw_steps[] = {
3008 { start_auth_opal_session, &opal_pw->session },
3009 { set_new_pw, &opal_pw->new_user_pw },
3010 { end_opal_session, }
3014 if (opal_pw->session.who > OPAL_USER9 ||
3015 opal_pw->new_user_pw.who > OPAL_USER9)
3018 mutex_lock(&dev->dev_lock);
3019 setup_opal_dev(dev);
3020 ret = execute_steps(dev, pw_steps, ARRAY_SIZE(pw_steps));
3021 mutex_unlock(&dev->dev_lock);
3026 /* update keyring and key store with new password */
3027 ret = sed_write_key(OPAL_AUTH_KEY,
3028 opal_pw->new_user_pw.opal_key.key,
3029 opal_pw->new_user_pw.opal_key.key_len);
3030 if (ret != -EOPNOTSUPP)
3031 pr_warn("error updating SED key: %d\n", ret);
3033 ret = update_sed_opal_key(OPAL_AUTH_KEY,
3034 opal_pw->new_user_pw.opal_key.key,
3035 opal_pw->new_user_pw.opal_key.key_len);
3040 static int opal_activate_user(struct opal_dev *dev,
3041 struct opal_session_info *opal_session)
3043 const struct opal_step act_steps[] = {
3044 { start_admin1LSP_opal_session, &opal_session->opal_key },
3045 { internal_activate_user, opal_session },
3046 { end_opal_session, }
3050 /* We can't activate Admin1 it's active as manufactured */
3051 if (opal_session->who < OPAL_USER1 ||
3052 opal_session->who > OPAL_USER9) {
3053 pr_debug("Who was not a valid user: %d\n", opal_session->who);
3057 ret = opal_get_key(dev, &opal_session->opal_key);
3060 mutex_lock(&dev->dev_lock);
3061 setup_opal_dev(dev);
3062 ret = execute_steps(dev, act_steps, ARRAY_SIZE(act_steps));
3063 mutex_unlock(&dev->dev_lock);
3068 bool opal_unlock_from_suspend(struct opal_dev *dev)
3070 struct opal_suspend_data *suspend;
3071 bool was_failure = false;
3077 if (!(dev->flags & OPAL_FL_SUPPORTED))
3080 mutex_lock(&dev->dev_lock);
3081 setup_opal_dev(dev);
3083 list_for_each_entry(suspend, &dev->unlk_lst, node) {
3087 ret = __opal_lock_unlock(dev, &suspend->unlk);
3089 pr_debug("Failed to unlock LR %hhu with sum %d\n",
3090 suspend->unlk.session.opal_key.lr,
3091 suspend->unlk.session.sum);
3095 if (dev->flags & OPAL_FL_MBR_ENABLED) {
3096 ret = __opal_set_mbr_done(dev, &suspend->unlk.session.opal_key);
3098 pr_debug("Failed to set MBR Done in S3 resume\n");
3101 mutex_unlock(&dev->dev_lock);
3105 EXPORT_SYMBOL(opal_unlock_from_suspend);
3107 static int opal_read_table(struct opal_dev *dev,
3108 struct opal_read_write_table *rw_tbl)
3110 const struct opal_step read_table_steps[] = {
3111 { start_admin1LSP_opal_session, &rw_tbl->key },
3112 { read_table_data, rw_tbl },
3113 { end_opal_session, }
3119 return execute_steps(dev, read_table_steps,
3120 ARRAY_SIZE(read_table_steps));
3123 static int opal_write_table(struct opal_dev *dev,
3124 struct opal_read_write_table *rw_tbl)
3126 const struct opal_step write_table_steps[] = {
3127 { start_admin1LSP_opal_session, &rw_tbl->key },
3128 { write_table_data, rw_tbl },
3129 { end_opal_session, }
3135 return execute_steps(dev, write_table_steps,
3136 ARRAY_SIZE(write_table_steps));
3139 static int opal_generic_read_write_table(struct opal_dev *dev,
3140 struct opal_read_write_table *rw_tbl)
3144 ret = opal_get_key(dev, &rw_tbl->key);
3147 mutex_lock(&dev->dev_lock);
3148 setup_opal_dev(dev);
3150 bit_set = fls64(rw_tbl->flags) - 1;
3152 case OPAL_READ_TABLE:
3153 ret = opal_read_table(dev, rw_tbl);
3155 case OPAL_WRITE_TABLE:
3156 ret = opal_write_table(dev, rw_tbl);
3159 pr_debug("Invalid bit set in the flag (%016llx).\n",
3165 mutex_unlock(&dev->dev_lock);
3170 static int opal_get_status(struct opal_dev *dev, void __user *data)
3172 struct opal_status sts = {0};
3175 * check_opal_support() error is not fatal,
3176 * !dev->supported is a valid condition
3178 if (!check_opal_support(dev))
3179 sts.flags = dev->flags;
3180 if (copy_to_user(data, &sts, sizeof(sts))) {
3181 pr_debug("Error copying status to userspace\n");
3187 static int opal_get_geometry(struct opal_dev *dev, void __user *data)
3189 struct opal_geometry geo = {0};
3191 if (check_opal_support(dev))
3194 geo.align = dev->align_required;
3195 geo.logical_block_size = dev->logical_block_size;
3196 geo.alignment_granularity = dev->align;
3197 geo.lowest_aligned_lba = dev->lowest_lba;
3199 if (copy_to_user(data, &geo, sizeof(geo))) {
3200 pr_debug("Error copying geometry data to userspace\n");
3207 int sed_ioctl(struct opal_dev *dev, unsigned int cmd, void __user *arg)
3212 if (!capable(CAP_SYS_ADMIN))
3216 if (!(dev->flags & OPAL_FL_SUPPORTED))
3220 p = memdup_user(arg, _IOC_SIZE(cmd));
3227 ret = opal_save(dev, p);
3229 case IOC_OPAL_LOCK_UNLOCK:
3230 ret = opal_lock_unlock(dev, p);
3232 case IOC_OPAL_TAKE_OWNERSHIP:
3233 ret = opal_take_ownership(dev, p);
3235 case IOC_OPAL_ACTIVATE_LSP:
3236 ret = opal_activate_lsp(dev, p);
3238 case IOC_OPAL_SET_PW:
3239 ret = opal_set_new_pw(dev, p);
3241 case IOC_OPAL_ACTIVATE_USR:
3242 ret = opal_activate_user(dev, p);
3244 case IOC_OPAL_REVERT_TPR:
3245 ret = opal_reverttper(dev, p, false);
3247 case IOC_OPAL_LR_SETUP:
3248 ret = opal_setup_locking_range(dev, p);
3250 case IOC_OPAL_ADD_USR_TO_LR:
3251 ret = opal_add_user_to_lr(dev, p);
3253 case IOC_OPAL_ENABLE_DISABLE_MBR:
3254 ret = opal_enable_disable_shadow_mbr(dev, p);
3256 case IOC_OPAL_MBR_DONE:
3257 ret = opal_set_mbr_done(dev, p);
3259 case IOC_OPAL_WRITE_SHADOW_MBR:
3260 ret = opal_write_shadow_mbr(dev, p);
3262 case IOC_OPAL_ERASE_LR:
3263 ret = opal_erase_locking_range(dev, p);
3265 case IOC_OPAL_SECURE_ERASE_LR:
3266 ret = opal_secure_erase_locking_range(dev, p);
3268 case IOC_OPAL_PSID_REVERT_TPR:
3269 ret = opal_reverttper(dev, p, true);
3271 case IOC_OPAL_GENERIC_TABLE_RW:
3272 ret = opal_generic_read_write_table(dev, p);
3274 case IOC_OPAL_GET_STATUS:
3275 ret = opal_get_status(dev, arg);
3277 case IOC_OPAL_GET_LR_STATUS:
3278 ret = opal_locking_range_status(dev, p, arg);
3280 case IOC_OPAL_GET_GEOMETRY:
3281 ret = opal_get_geometry(dev, arg);
3283 case IOC_OPAL_REVERT_LSP:
3284 ret = opal_revertlsp(dev, p);
3286 case IOC_OPAL_DISCOVERY:
3287 ret = opal_get_discv(dev, p);
3298 EXPORT_SYMBOL_GPL(sed_ioctl);
3300 static int __init sed_opal_init(void)
3303 char init_sed_key[OPAL_KEY_MAX];
3304 int keylen = OPAL_KEY_MAX - 1;
3306 kr = keyring_alloc(".sed_opal",
3307 GLOBAL_ROOT_UID, GLOBAL_ROOT_GID, current_cred(),
3308 (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW |
3309 KEY_USR_READ | KEY_USR_SEARCH | KEY_USR_WRITE,
3310 KEY_ALLOC_NOT_IN_QUOTA,
3315 sed_opal_keyring = kr;
3317 if (sed_read_key(OPAL_AUTH_KEY, init_sed_key, &keylen) < 0) {
3318 memset(init_sed_key, '\0', sizeof(init_sed_key));
3319 keylen = OPAL_KEY_MAX - 1;
3322 return update_sed_opal_key(OPAL_AUTH_KEY, init_sed_key, keylen);
3324 late_initcall(sed_opal_init);
git.samba.org / sfrench / cifs-2.6.git / blob